MDKSA-2006:221
- Package name
- gnupg
- Date
- 2006-11-30
- Advisory ID
- MDKSA-2006:221
- Affected versions
- CS4.0 x86_64, MNF2.0 i586, 2006.0 i586, 2007.0 x86_64, 2007.0 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2006.0 x86_64
Problem description
Buffer overflow in the ask_outfile_name function in openfile.c for
GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow
attackers to execute arbitrary code via messages that cause the
make_printable_string function to return a longer string than expected
while constructing a prompt.
Updated packages have been patched to correct this issue.
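The bug class described above, as an added example (not GnuPG's code and not part of the original advisory): a prompt buffer sized from the raw name length is too small once the name has been escaped for display, so the buffer has to be sized from the escaped string. The escaper, the function names, the slack value and the sample name are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an 8-byte "file name" made only of control bytes. */
static const char CONSTRUCTED_NAME[] = "\x01\x01\x01\x01\x01\x01\x01\x01";

/* Hypothetical escaper: non-printable bytes and '\' become "\xNN",
 * so the result can be up to four times longer than the input. */
static char *escape_printable(const char *p, size_t n) {
    char *out = malloc(4 * n + 1), *d = out;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)p[i];
        if (isprint(c) && c != '\\') *d++ = (char)c;
        else d += sprintf(d, "\\x%02x", c);
    }
    *d = '\0';
    return out;
}

/* Flawed sizing: raw name length plus fixed slack (the slack of 10 is an
 * assumed value). Returned for comparison only, never used to allocate. */
size_t flawed_prompt_size(const char *msg, size_t namelen) {
    return strlen(msg) + namelen + 10;
}

/* Hardened: size the buffer from the escaped string actually printed.
 * Stores the exact byte count in *needed; caller frees the result. */
char *build_prompt(const char *msg, const char *name, size_t namelen, size_t *needed) {
    char *prompt = NULL, *defname = escape_printable(name, namelen);
    if (!defname) return NULL;
    *needed = strlen(msg) + strlen(defname) + sizeof " []: ";
    prompt = malloc(*needed);
    if (prompt) snprintf(prompt, *needed, "%s [%s]: ", msg, defname);
    free(defname);
    return prompt;
}

int main(void) {
    size_t needed;
    char *p = build_prompt("Enter new filename", CONSTRUCTED_NAME, 8, &needed);
    if (!p) return 1;
    printf("%s\nflawed size %zu, needed %zu\n", p, flawed_prompt_size("Enter new filename", 8), needed);
    free(p);
    return 0;
}
```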
Updated packages
CS4.0 x86_64
ad3b69e395186d56ec93a2ac21330bc3 corporate/4.0/x86_64/gnupg-1.4.2.2-0.4.20060mlcs4.x86_64.rpm 8c7327c6d4244a7a8ead9d1f5f4f462e corporate/4.0/x86_64/gnupg2-1.9.16-4.3.20060mlcs4.x86_64.rpm b94a486c4644fd56ed61602b0ab7fac7 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm eb8b52a35c09081cc9f3f8e70ae67e5f corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm
MNF2.0 i586
08d7f0201cff5462b8ad7ea010e241b2 mnf/2.0/i586/gnupg-1.4.2.2-0.5.M20mdk.i586.rpm 2c9b6c752e00c97793e7e436c89d2c5a mnf/2.0/SRPMS/gnupg-1.4.2.2-0.5.M20mdk.src.rpm
2006.0 i586
c3ce4cd92136d7f632c14a6c80938b82 2006.0/i586/gnupg-1.4.2.2-0.4.20060mdk.i586.rpm bfaeaba79a74d3873b598f90e0e801e0 2006.0/i586/gnupg2-1.9.16-4.3.20060mdk.i586.rpm 9ac3ae5eb7475c230c7a7d0937c1c381 2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm c5da4a8a6e5bd9ec333d73180d93d64f 2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm
2007.0 x86_64
9ba224c45d13760e8100d88159818da0 2007.0/x86_64/gnupg-1.4.5-1.1mdv2007.0.x86_64.rpm 13a6b47c7f88ffc1614e42a1276b7ac4 2007.0/x86_64/gnupg2-1.9.22-2.1mdv2007.0.x86_64.rpm a492a12d44d0491f676566959847c4e6 2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm f1816783fde74d0233d44ae64301886c 2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm
2007.0 i586
d7ddd9237786b5e2d3b0fed45f1a1071 2007.0/i586/gnupg-1.4.5-1.1mdv2007.0.i586.rpm cc2078cc49dc6fb5f11add689684e60a 2007.0/i586/gnupg2-1.9.22-2.1mdv2007.0.i586.rpm a492a12d44d0491f676566959847c4e6 2007.0/SRPMS/gnupg-1.4.5-1.1mdv2007.0.src.rpm f1816783fde74d0233d44ae64301886c 2007.0/SRPMS/gnupg2-1.9.22-2.1mdv2007.0.src.rpm
CS3.0 x86_64
b6d1b7f3f609295724f3fe2372ba6103 corporate/3.0/x86_64/gnupg-1.4.2.2-0.4.C30mdk.x86_64.rpm ec6725061073900f143df92a6f398f20 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm
CS4.0 i586
7149e243684d303bd5b2bbda7ee9ffb9 corporate/4.0/i586/gnupg-1.4.2.2-0.4.20060mlcs4.i586.rpm c918da1cadd3c86aca8a6317cd36fc28 corporate/4.0/i586/gnupg2-1.9.16-4.3.20060mlcs4.i586.rpm b94a486c4644fd56ed61602b0ab7fac7 corporate/4.0/SRPMS/gnupg-1.4.2.2-0.4.20060mlcs4.src.rpm eb8b52a35c09081cc9f3f8e70ae67e5f corporate/4.0/SRPMS/gnupg2-1.9.16-4.3.20060mlcs4.src.rpm
CS3.0 i586
92abcd2621d7f9ae84625abda55ac4d0 corporate/3.0/i586/gnupg-1.4.2.2-0.4.C30mdk.i586.rpm ec6725061073900f143df92a6f398f20 corporate/3.0/SRPMS/gnupg-1.4.2.2-0.4.C30mdk.src.rpm
2006.0 x86_64
8fcc5fdb170d0b268c13f93aabe0502e 2006.0/x86_64/gnupg-1.4.2.2-0.4.20060mdk.x86_64.rpm b7ef342175e3eaac7fc3794159f2064e 2006.0/x86_64/gnupg2-1.9.16-4.3.20060mdk.x86_64.rpm 9ac3ae5eb7475c230c7a7d0937c1c381 2006.0/SRPMS/gnupg-1.4.2.2-0.4.20060mdk.src.rpm c5da4a8a6e5bd9ec333d73180d93d64f 2006.0/SRPMS/gnupg2-1.9.16-4.3.20060mdk.src.rpm
